
At home I typically use Linux whenever possible and feel pretty familiar working with OpenSSL when it comes to generating different certificates, making a certificate signing request (CSR) and what the different files mean. But when it comes to Windows boxes, I’ve generally used the certificate wizard like everyone else. Today I had an issue with moving a wildcard certificate from one Windows box to another because you can’t just look in the file system to find the private key for the public key your certificate authority (CA) just finished issuing to you from the CSR you built previously.

So, for some time now I’ve worked with HTTPS and SSL and have had no real issues. Today however, I finally got a chance to put multiple SSL sites on one IIS 6.0 server, which wasn’t very intuitive. HTTPS is funny in that the host header data that a web server needs to have access to is encrypted and can’t be used until it’s decrypted. Of course, for it to decrypt the packet, it must know which certificate to use, and very quickly we’ve got a circular issue. Long story short, web servers CAN host multiple SSL websites so long as the sites are variations of <something>.example.com and you use an appropriate wildcard certificate that will cover all the different sites on your HTTPS web server (such as an SSL certificate issued to *.example.com to cover all of the variations of <something>.example.com). Ya, I know, confusing.
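To check which host headers a wildcard certificate such as *.example.com actually covers before binding several sites to port 443, here is an added example (not part of the original post). The function names and the sample host list are assumptions made up for illustration; the matching rule is the common RFC 6125 one, where `*` stands for exactly one left-most label.

```python
# Added example: which site host headers does a wildcard certificate cover?
# Rule applied (RFC 6125 style): "*" replaces exactly ONE left-most label,
# so *.example.com covers www.example.com but neither example.com itself
# nor dev.www.example.com.

def wildcard_covers(cert_name: str, host: str) -> bool:
    """Return True if cert_name (e.g. '*.example.com') is valid for host."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")

    # A real host name has no empty labels and no wildcard characters.
    if any(label == "" or "*" in label for label in host_labels):
        return False

    # Names without a full "*" first label are compared exactly.
    # Partial wildcards such as "w*.example.com" are deliberately not
    # expanded here (conservative choice for this example).
    if cert_labels[0] != "*":
        return cert_labels == host_labels

    # Conservative choice: refuse over-broad names such as "*.com".
    if len(cert_labels) < 3:
        return False

    # Same number of labels, and everything right of the "*" is identical.
    return (len(host_labels) == len(cert_labels)
            and host_labels[1:] == cert_labels[1:])


def uncovered_sites(cert_name: str, host_headers: list) -> list:
    """List the host headers the certificate would NOT be valid for."""
    return [h for h in host_headers if not wildcard_covers(cert_name, h)]


# Constructed sample: host headers planned for one HTTPS web server.
SITES = [
    "www.example.com",
    "mail.example.com",
    "example.com",          # bare domain: not covered by *.example.com
    "dev.www.example.com",  # two labels deep: not covered
    "www.example.org",      # different domain: not covered
]

if __name__ == "__main__":
    for host in uncovered_sites("*.example.com", SITES):
        print("certificate name mismatch for:", host)
```

Any host this reports would produce a certificate name mismatch warning in the browser and needs its own certificate or an additional name on the certificate.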

So while I was applying my craft to a Windows Server 2003 R2 box running IIS 6.0, I quickly encountered an error when I tried to put another website on port 443. The error was, “Cannot register the URL prefix https://*:443/ for site ‘<your site identifier here>’. The necessary network binding may already be in use. The site has been deactivated.” I believe it was event ID 1007 in the Event Viewer system logs. God I love logs 🙂

Quick search on Google reveals you’ve got to go command-line for this one by executing cscript.exe like so: